SQL Server Debugging with WinDbg – an Introduction

In today’s blog posting I want to dig into a completely different area in SQL Server: how to debug SQL Server with WinDbg – the debugger that comes with the Debugging Tools for Windows. Before we go into the nasty details, I want to explain in a bit in more detail why I have chosen such an obscure topic to blog about.

Why?

Why on earth do you ever need a debugger like WinDbg when working with SQL Server? The short answer: NEVER! SQL Server is a stable product and you should be always fine with the troubleshooting techniques (Extended Events, DMVs/DMFs) provided by it, without ever having a need for WinDbg. And if you are in doubt, you should always contact PSS first, before trying to debug a nasty SQL Server problem yourself. What are the reasons for using a debugger like WinDbg? For me it’s mainly about education, and learning *how* things are working internally in SQL Server, and *how* relational database engines are implemented. When I’m dealing with customer problems, I sometimes see crazy things happening within SQL Server, which I have to explain. Therefore the more I know about SQL Server, and how SQL Server works, the better it is for me and my customers.

I’m using WinDbg ONLY for educational purposes on non-production test systems to get a better understanding of what happens within SQL Server when executing queries. And as a side-effect I’m learning a bunch of additional concepts about the Windows OS, about user-mode debugging, the X64 assembly language, and the x64 machine architecture. Over the last 6 months I have also read a huge amount of books, and research whitepapers that describe *how* relational database engines are implemented. With WinDbg I can have a look into SQL Server, in which way some things are implemented, and how things are working together. And the most important thing: using a debugger like WinDbg is just geeky, and everyone loves it 😉

Let’s get started

Before we go into the details how to setup WinDbg for SQL Server debugging, I first want to give you a high level overview about the most important SQL Server DLL files, that you will use during debugging. Let’s have a look on the following figure.

SQL Server Architecture

As you know, SQL Server itself is implemented in the executable sqlservr.exe. During startup, sqlservr.exe load multiple DLL files into its process space. The most important ones – from a debugging perspective – are the following ones:

  • The DLL file sqldk.dll (SQL Server Development Kit) implements by far the largest part of SQL OS – the OS that is part of SQL Server which handles thread scheduling and memory management.
  • sqlmin.dll implements everything regarding the relational engine itself, including the Storage Engine, Data Access Methods, Lock Manager, Log Manager, LazyWriter, and other components. This file is one of the most important ones for debugging, because it contains the major well-known components of SQL Server.
  • In addition you will also have the DLL file sqllang.dll that contains everything regarding the T-SQL language, and the Query Processor itself.

To use WinDbg you have to install the Debugging Tools for Windows, which can be downloaded for free from Microsoft. After you have installed them, you get in the folder

C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x64

the executable windbg.exe that is the debugger itself. When you start WinDbg, you have to make sure that you start it with administrative privileges, because otherwise you have no chance to attach to a process like sqlservr.exe. To use WinDbg effectively, you also have to configure so-called symbols. The symbol files are used to decode memory addresses to their corresponding function names for easier debugging and understanding. When you are working with symbols, you have to distinguish between public and private symbols. Every person outside of Microsoft *only* has access to the public symbols. The public symbols are just a subset of the private symbols, excluding more interesting things like:

  • Data type definitions
  • Local variable definitions
  • Function parameters

The public symbols provide you only with function names – almost nothing more! That’s a huge restriction that we have to live with (compared to the private symbols). But on the other hand Microsoft wants to protect their intellectual property. But getting complete function names for call-stacks, setting breakpoints on them, and debugging through them will greatly help you get a better understanding of what happens within SQL Server. As long as you have configured WinDbg correctly, you will get automatically the correct public symbols for your specific SQL Server build that you are debugging. You can also try local Kernel Mode Debugging, and you will even get the correct symbols for the kernel mode – but that’s a different (long) story… Within WinDbg you just have to configure the internet address of the public symbol server of Microsoft, where WinDbg can download them. The address is 

http://msdl.microsoft.com/download/symbols

I’m using a simple batch file, which launches WinDbg, sets the correct address of the symbol server, and attaches directly to the process sqlservr.exe. The used command line is as follows:

windbg -y srv*g:\symbols*http://msdl.microsoft.com/download/symbols -pn sqlservr.exe

You must make sure that only one instance is SQL Server is running, because WinDbg is attached by the process name sqlservr.exe. If you have multiple instances of SQL Server running, you have to specify the correct PID, which you can get from Task Manager. The path g:\symbols is the location on your computer where the downloaded symbol will be stored. Size that location accordingly, because you can download a huge amount of symbol files over the time. My local symbol store has currently a size of around 1 GB… If everything went fine, you should by now be attached to sqlservr.exe:

WinDbg

The program execution has currently stopped, because you hit a breakpoint in the module ntdll. ntdll is a simple wrapper DLL provided by the OS, which performs the transition from user mode into the kernel mode. This means also that now *every* thread within SQL Server is stopped, and no more work is done anymore!!! NEVER EVER try to attach WinDbg to sqlservr.exe in a production environment! If you want to resume the execution of sqlservr.exe just hit the F5 key on your keyboard – SQL Server is running again. If you want to break the program execution again, you have to set a specific breakpoint somewhere in the process space of sqlservr.exe, or you can also break the current execution by the keyboard shortcut CTRL + BREAK.

If you break the execution with that shortcut, WinDbg just puts you onto a specific thread, somewhere within sqlservr.exe. That’s only recommended if you want to analyze a specific memory address, or if you want to set a more concrete breakpoint for further troubleshooting. One very important command in WinDbg is the x command: it returns you all symbols that are defined in a specific module. Let’s have a look at the following command:

x sqlmin!*BTree*

This WinDbg command returns you all function names that have the word “BTree” in their name. You are just able to analyze and return the various function names on which you can set a breakpoint. The format of the returned function names is as follows: module_name!class_name::function_name, like sqlmin!BTreeMgr::Seek. If you want to return all functions defined by the class BTreeMgr, you can use the following command:

x sqlmin!BTreeMgr::*

The x command is a very powerful one to explore the various classes that SQL Server implements. To give you some home work, try to answer the following questions:

  • In which class is the Lock Manager implemented?
  • What functions are used to acquire and release latches?
  • What’s the name of the class that implements the SQLOS Scheduler?

Please feel free to post your answers as a comment.

Summary

In this blog posting I have given you a brief introduction to WinDbg, and how you can use this debugger to attach it to SQL Server. As you have seen, the process space of sqlservr.exe consists of multiple DLL files, where every DLL implements a larger set of components of SQL Server. When you have configured the path to the public symbols in the correct way, you are able to retrieve a lot of meta data information about the various classes and functions that are part of SQL Server. The WinDbg command x is here your friend.

I hope that you have enjoyed this very specific blog posting, and next week I will show you, how you can debug and execute a SQL Server query instruction by instruction within WinDbg.

Thanks for reading!

-Klaus

15 thoughts on “SQL Server Debugging with WinDbg – an Introduction”

  1. Hi Klaus,

    I will try one time, let’s see if I’m doing something wrong.
    In which class is the Lock Manager implemented?
    A: I’ve found this: sqlmin!LockManager::* then I can get all Lock Manager functions.

    What functions are used to acquire and release latches?
    A: sqlmin!BUF::AcquireLatch and sqlmin!BUF::ReleaseLatch

    What’s the name of the class that implements the SQLOS Scheduler?
    A: sqldk!SOS_Scheduler

    Thanks,
    Marcos Freccia

        1. Klaus Aschenbrenner

          Hello Damodar,

          Thanks for your comment.
          You can use the DMV sys.dm_os_memory_clerks to see the memory distribution from a SQL Server perspective.

          Thanks,

          -Klaus

  2. Hi Klaus,

    Can you recommend me some resources for learning how RDBS are implemented internally ?

    Thank you

      1. Thanks Klaus,

        I’m trying to develop my own small DB, just for fun and broader understanding of how things are implemented !

  3. Hi Klaus,

    apart of the reasons you mention to learn this topic, it’s also necessary when you have to analyze a minidump. Maybe if you continue this series, a post relating how to do that should be great.

    Thanks

  4. “Transaction Processing: Concepts and Techniques” by Jim Gray & Andreas Reuter, Is there pdf of this book? And if I can download this excellent book would be lucky.

  5. The stand alone of WinDbg install cab, the newest one, would you you provide me a direct download link.? For me in china mainland,it’s kind of difficult for to do that from Microsoft website.

  6. Hello Klaus,

    I tried all your steps and they all work fine except the last one where it fails to hit the break point.It errors out with message

    “No matching code symbols found, no breakpoints set.
    If you are using public symbols, switch to full or export symbols.”

    I used this command ~56 bm sqlmin!CQueryScan::GetRow where 56 is the thread number shown at the bottom left 0:056 >

    What wrong am I doing ? Please help me out.

    Thanks

  7. Andrea Caldarone

    Hello Klaus,
    I wish to use WinDbg to dig into memory dumps. Production servers are almost always isolated from the internet so it is not possible to launch WinDbg on them and dowload symbols. Is it possible to download symbols on an other machine and the copy downloaded symbols on the production server?
    Or maybe it is better to copy memory dump on a machine with internet access, but I think WinDbg doesn’t work as expected since it has no access to sqlsrvr.exe process

    1. Klaus Aschenbrenner

      Hello Andrea,

      I would copy the memory dump to another machine and debug it there.

      Thanks,

      -Klaus

Leave a Reply to woodytu Cancel Reply

Your email address will not be published. Required fields are marked *